Irwin Przeperski

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A low-privileged remote attacker in possession of the second factor for another user can login as that user without knowledge of the other user's password. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An unauthenticated remote attacker can enumerate valid user names from an unprotected "API endpoint". No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.